Content
Hi,
I have a snom D725 deskphone and i need to disable TLSv1.0 and TLSv1.1. Vulnerability found using nessus.
I found in another forum that the correct way is to edit the identity of the user and on outbound proxy to add "x.x.x.x:506;transport=tls" where x.x.x.x is the ip of the pbx server.
I did that but it didn't work and the phone shown unregistered.
Firmware installed: snom725-SIP 10.1.119.10
Thank you
Ioannis Argyrou
$userLabel.NameJoined: 22.07.2022
Overview
Content Tools
Tasks
More service from Snom
Copyright © 2024 Snom Technology GmbH. All rights reserved.
1 Comment
Federico Rossi
Jul 26, 2022Hi,
removing the transport=tls from the outbound proxy changes from SIP over TLS to SIP over UDP, but if the PBX accept only TLS transport, it will refuse the phone registration attempt.
Snom D725, by default, has a SHA-1 built-in certificate, so if you are using our CA certificate and you want to change to SHA-2, you must upgrade the phone certificate (just add the phone mac address on SRAPS to get the update) and the server certificate (download it from our wiki and install it on the pbx).
You can find all the informations about TLS here:
https://service.snom.com/display/wiki/TLS+Support
Best regards